<?php
//require('config.php');
require("db_connection.php");
$user = $_POST['user'];
$password = $_POST['password'];
$refer = $_POST['refer'];


if ($user == '' || $password == '')
{
    // No login information
    //header('Location: login.php?msg=2&refer='. urlencode($_POST['refer']));
	header('Location:login.php');
}
else
{
    // Authenticate user
 //   $con = mysql_connect($db_host, $db_user, $db_pass);
    //mysql_select_db($db_name, $user_con);
    
    $query = "SELECT uid, MD5(UNIX_TIMESTAMP() + uid + RAND(UNIX_TIMESTAMP()))
        guid,color FROM susers WHERE user = '$user' AND password = password('$password')";
        
    $result = mysql_query($query, $user_con)
    	or die ('Error in query');
    
    if (mysql_num_rows($result))
    {
        $row = mysql_fetch_row($result);
        // Update the user record
        $color = $row[2];
		$query = "UPDATE susers SET guid = '$row[1]' WHERE uid = $row[0]";
            
        mysql_query($query, $user_con)
        	or die('Error in query');
        
        // Set the cookie and redirect
        // setcookie( string name [, string value [, int expire [, string path
        // [, string domain [, bool secure]]]]])
        // Setting cookie expire date, 6 hours from now
        $cookieexpiry = (time() + 21600);
        setcookie("session_id", $row[1], $cookieexpiry);

		session_start();
	
		$_SESSION["page"]="index.php";
		$_SESSION["color"]= $color;
		$_SESSION["user"]=$user;
		$_SESSION["uid"]=$row[0];
	//$_SESSION['class']=$_POST['class'];
   //     if (empty($refer) || !$refer)
   //     {
        //$refer = 'forum.php';
   //     }

        header('Location: '. $refer);
    }
    else
    {
        // Not authenticated
		
		//header('Location: login.php?msg=1&refer='. urlencode($refer));
		header('Location:login.php');
    }
}
?>